You could just define your own keys and make it work, but how do you judge whether the public/shared keys are genuine? That's why you have a Certification Authority, to guarantee (countersign, if you like) the shared keys